Hello and welcome to the Tuesday, August 22nd, 2023 edition of the Sandton and Storm Thunder's Stormcast.

My name is Johannes Ulrich.

And today I'm recording from Jacksonville, Florida.

Guy in his honeypot did notice a marked increase in requests for SystemBC.

System BC is actually a malware.

It's a remote access trojan that turned systems into proxy.

And starting a few days ago, it looks like we had a marked increase in scans for a URL

related to SystemBC, systemBC slash password.

Php.

Turning systems into proxies and building basically infrastructure out of compromise systems

is certainly not new.

What may be happening here, and that's sort of why we see these scans in our honeypots is that other

attackers are essentially sort of looking for open proxies that they can take over, so more

or less parasitic scans. There's also currently AT&T reporting about a large proxy network that they're seeing.

They're calling it proxy nation.

I don't think the two events are really related.

In their case, Mac and Windows systems apparently are being recruited here to be part of

the proxy botnet.

And they state that something like 400,000

systems have already been connected to this particular proxy botnet. In some cases, even more

advanced adversaries have been taking advantage of proxies, micro-tick devices, for example,

were compromised. While they widely gone and later used for some more sophisticated attacks. And remember about a week ago on August 8, Microsoft

...